* [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
From: Epiphanov Sergei @ 2005-02-14 10:39 UTC
To: Sisyphus mailing list
Please send me personally at least some links on how to get authentication
in OpenLDAP through SASL working (from anyone who has it working), so that the passwords are stored in OpenLDAP.
I am writing here because I did not find the information I need on the Internet, and in Community
they never told me anything. Help, dancing with a tambourine does not work...
I tried following the OpenLDAP documentation, added the necessary sasl-regexp entries,
and set in rootDSE the parameter
supportedSASLMechanisms: DIGEST-MD5
SIMPLE authentication works, saslauthd is running, and the testauthd command passes
fine. When I try to authenticate through SASL I get:
$ ldapsearch -U user@realm -W -b "dc=example,dc=com"
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Authentication method not supported (7)
additional info: SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
$testsaslauthd -u user -p test
0: OK "Success."
$ ldapsearch -x -D "uid=user,ou=people,dc=example,dc=com" -W -b
"dc=example,dc=com"
...
prints the text from the database
...
$ cat /etc/openldap/rootDSE.ldif
dn:
vendorName: The OpenLDAP Project
supportedSASLMechanisms: DIGEST-MD5
/etc/openldap/slapd.conf contains these lines:
sasl-regexp
uid=(.*),cn=realm,cn=DIGEST-MD5,cn=auth
uid=$1,ou=people,dc=example,dc=com
sasl-regexp
uid=(.*),cn=DIGEST-MD5,cn=auth
uid=$1,ou=people,dc=example,dc=com
Digging around revealed that there is no handling of root_dse_info, in which
the rootDSE attributes are created (which is, by the way, where
supportedSASLMechanisms appears). Am I right or not?
--
Regards, Epiphanov Sergei
* Re: [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
From: Epiphanov Sergei @ 2005-02-14 10:44 UTC
To: ALT Linux Sisyphus discussion list
The server log file is attached
--
Regards, Epiphanov Sergei
* Re: [sisyphus] OpenLDAP+SASL(DIGEST-MD5)
From: Epiphanov Sergei @ 2005-02-14 10:44 UTC
To: ALT Linux Sisyphus discussion list
[-- Attachment #1: Type: text/plain, Size: 69 bytes --]
The server log file is attached
--
Regards, Epiphanov Sergei
[-- Attachment #2: ldap-sasl-connect1.txt --]
[-- Type: text/plain, Size: 3904 bytes --]
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: new connection on 12
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:33097 (IP=192.168.1.100:389)
Feb 14 11:40:07 tester slapd[13471]: daemon: added 12r
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]: 12r
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: read activity on 12
Feb 14 11:40:07 tester slapd[13471]: connection_get(12)
Feb 14 11:40:07 tester slapd[13471]: connection_get(12): got connid=0
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): checking for input on id=0
Feb 14 11:40:07 tester slapd[13471]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Feb 14 11:40:07 tester slapd[13487]: do_bind
Feb 14 11:40:07 tester slapd[13487]: >>> dnPrettyNormal: <uid=user,cn=realm,cn=DIGEST-MD5,cn=auth>
Feb 14 11:40:07 tester slapd[13487]: <<< dnPrettyNormal: <uid=user,cn=realm,cn=DIGEST-MD5,cn=auth>, <uid=user,cn=realm,cn=digest-md5,cn=auth>
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13487]: do_sasl_bind: dn (uid=user,cn=realm,cn=DIGEST-MD5,cn=auth) mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 BIND dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" method=163
Feb 14 11:40:07 tester slapd[13487]: ==> sasl_bind: dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" mech=DIGEST-MD5 datalen=0
Feb 14 11:40:07 tester slapd[13487]: SASL [conn=0] Failure: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13487]: send_ldap_result: conn=0 op=0 p=3
Feb 14 11:40:07 tester slapd[13487]: send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5"
Feb 14 11:40:07 tester slapd[13487]: send_ldap_response: msgid=1 tag=97 err=7
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13487]: <== slap_sasl_bind: rc=7
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on:
Feb 14 11:40:07 tester slapd[13471]: 12r
Feb 14 11:40:07 tester slapd[13471]:
Feb 14 11:40:07 tester slapd[13471]: daemon: read activity on 12
Feb 14 11:40:07 tester slapd[13471]: connection_get(12)
Feb 14 11:40:07 tester slapd[13471]: connection_get(12): got connid=0
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): checking for input on id=0
Feb 14 11:40:07 tester slapd[13471]: ber_get_next on fd 12 failed errno=0 (Success)
Feb 14 11:40:07 tester slapd[13471]: connection_read(12): input error=-2 id=0, closing.
Feb 14 11:40:07 tester slapd[13471]: connection_closing: readying conn=0 sd=12 for close
Feb 14 11:40:07 tester slapd[13471]: connection_close: conn=0 sd=12
Feb 14 11:40:07 tester slapd[13471]: daemon: removing 12
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 closed
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: activity on 1 descriptors
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 14 11:40:07 tester slapd[13471]: daemon: select: listen=7 active_threads=0 tvp=NULL
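
Added example, not part of the original thread and not OpenLDAP code: Python that correlates the ACCEPT, BIND and RESULT lines of a slapd log like the attachment above by conn/op, and separates a bind the server could not start (err=7, mechanism unavailable) from one where credentials were rejected (err=49). The sample lines are copied from the attachment; the function and field names are illustrative assumptions.

```python
import re

# Sample input: four lines copied from the log attachment above.
SAMPLE_LOG = """\
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 ACCEPT from IP=192.168.1.100:33097 (IP=192.168.1.100:389)
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 BIND dn="uid=user,cn=realm,cn=DIGEST-MD5,cn=auth" method=163
Feb 14 11:40:07 tester slapd[13487]: conn=0 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available: Couldn't find mech DIGEST-MD5
Feb 14 11:40:07 tester slapd[13471]: conn=0 fd=12 closed
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 (0x61) is the LDAP BindResponse.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+) text=(.*)$")

# LDAP result codes that matter when triaging bind failures (RFC 4511).
CAUSES = {
    7: "authMethodNotSupported: server cannot offer the requested mechanism",
    49: "invalidCredentials: mechanism ran, credentials were rejected",
}

def failed_binds(log_text):
    """Correlate ACCEPT/BIND/RESULT lines by conn and op; return failed binds."""
    peers, binds, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            binds[(m.group(1), m.group(2))] = (m.group(3), int(m.group(4)))
        elif m := RESULT.search(line):
            key, err = (m.group(1), m.group(2)), int(m.group(3))
            if err == 0 or key not in binds:
                continue  # successful bind, or a result with no matching BIND
            dn, method = binds[key]
            failures.append({
                "client": peers.get(key[0], "unknown"),
                "dn": dn,
                "sasl": method == 163,  # 163 = SASL bind, 128 = simple bind
                "err": err,
                "cause": CAUSES.get(err, "other"),
                "text": m.group(4),
            })
    return failures

if __name__ == "__main__":
    for failure in failed_binds(SAMPLE_LOG):
        print(failure)
```

An err=7 result on a SASL bind means the request failed before any password was checked, so it points at the server's available mechanisms rather than at the account.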